Saturday, October 10, 2009

Offtopic?! Blunders of Aion

Not to demonize our friends at NCSoft...

So Aion came out recently. Back in beta they were using nProtect GameGuard in an apparent attempt to stop cheaters. It was relatively big news when they pulled it for the game's release (but indicated they may use it in the future, and some sites say it may still be in use in some markets). So first a little bit about this whole GameGuard thing. I tried running the Aion client during beta, and without any other software running on the PC, the damn thing just wouldn't launch. It came up with an error in Korean. I don't read Korean, and I don't think the font is even installed. But it mentioned GameGuard in English. Long story short, I never successfully ran the game during beta. I probably could have, but I didn't bother. I had seen enough. The reason it wouldn't launch? I was running Windows 7. I could have probably copied it over to another PC and tried it, but the GameGuard debacle convinced me that I didn't want to.

I wasn't the only one with issues with GameGuard. Indeed, a quick Google search will turn up numerous problems that players were having with this "protection". And, as it turns out, these problems were basically all for naught. It was easy to disable GameGuard with a hack that someone distributed for free and could be found via a no-brainer Google search. So Aion using GameGuard didn't achieve its goals of preventing cheating, but it did prevent honest players from playing the game. If playing Aion is prevented, only the prevented will play Aion! In other words: FAIL!

And that's without going into any of the gory details of GameGuard! WoW players are lucky to have Blizzard's relatively non-invasive Warden. GameGuard runs a Windows driver (one that is commonly referred to as a rootkit, having complete and unfettered access to your PC, and "secret" functionality. Do YOU trust everything available for download on the internet?), which means that it can easily cause your system to BSOD (and, for many people, does exactly that). It's one thing to not trust your customers (in multiplayer games, this mistrust is necessary to some degree), but it's another to crash their PC, potentially causing lasting damage, while trying to achieve perceived fairness.

So these things presumably contributed to dropping GameGuard for the game's release. Smart move there. But NCSoft wasn't dropping cheat protection entirely, just GameGuard. I don't know of any available information about what protection is in place, and I haven't particularly looked myself, but last night they showed the world that they are still using something. And they're banning lots of people who aren't cheating (along with some who are). What's more, they did it on Friday night and apparently don't provide customer support on the weekends! Good game, NCSoft. Good game. (Update: This is enough of a problem that they are apparently working this weekend)

This has me slightly concerned about my own non-cheating customers. I write software that, by and large, is used for multiboxing (playing multiple characters) by facilitating visibility, ability to easily switch to different characters, and more recently the ability to control different characters at the same time as you control the main. And since my company launched in 2004, no multiboxers using my software have been banned from any game -- there were some accidentally banned from World of Warcraft a few years back, but their bans were reversed and Blizzard gave them free subscription time to make up for the mistake. But, while there are former Blizzard guys at the top of NCWest (US subsidiary of NCSoft) thanks to ArenaNet, and these guys seem pretty reasonable, NCSoft is not Blizzard, and NCWest doesn't exactly control NCSoft. So even though NCWest may be sympathetic to multiboxers, who knows what kind of destruction will be doled out by NCSoft. NCSoft is used to a much different Asian market, and recent law changes in Korea probably carry a lot of influence in what sort of protections the game will have. (Update: Apparently Jeff Strain left NCSoft a couple months ago, and I'm told that my statement "there are former Blizzard guys at the top of NCWest" may no longer be true)

I've spent a good portion of the last few weeks preparing my software for compatibility with Aion. That's just to get it to launch and interact with the game... in a style similar to what X-Fire does, but providing the capabilities in a different way (so as to support additional features such as the ability to manipulate the game window, or put games that don't support windowed mode in a window, and so on). But the end result is basically the same -- my software can provide an in-game interface and indeed X-Fire could be implemented using it (some people use an IRC plugin for my software for example, which allows them to chat on IRC while in game).

But my system is also more likely to be incompatible with a game than X-Fire is, for other reasons. Aion, for example, uses a packer called Themida. Themida is supposed to be one of the best ways to protect a program from being modified, or even reverse engineered (which is often necessary in order to implement interoperability, is used in many disciplines, and is expressly legal to do). But like GameGuard, this is only effective as long as the perceived enemy is unable to bypass it, and there is likely to be collateral damage. Older versions of Themida loaded a driver, and as I described with respect to GameGuard earlier, this meant BSOD and eventually incompatibility with Windows. Themida is also used, legitimately or not, to "protect" malware in order to evade your favorite anti-virus software, anti-spyware software, etc. This means that, for some people who are simply trying to protect themselves against malware, the game can't be played without disabling the anti-virus software, or is detected as malware and destroyed. But hey, at least the game can't be modified or reverse engineered, right? Wrong. Themida only prevents a program from being modified on disk, and even then, only if it is not unpacked. Aion unpacks itself in memory so that it's just like any other program, and once it's loaded in memory it can be both reverse engineered and modified. This means the Themida packing is only so effective in the first place. By using Themida they prevent entry-level hacking of the game, in exchange for looking like malware to various antivirus software, and whatever other collateral damage comes with it.

This happens to be a hindrance to my software because my original design had some related flaws. The way Themida unpacked Aion, it happened to ignore parts of my software. This is no longer the case. Unfortunately it's a lot of work to redesign something that has been an integral part of my software for 5+ years, so there is still work to be done before anyone is using ISBoxer to multibox in Aion. I sincerely hope that Aion does not become the first game to ban my customers for nothing other than multiboxing.

And for what? NCSoft has been so confident that this game would be the ever-so-elusive WoW killer (many have tried, but none have succeeded thus far) that they are trying to protect the game experience for honest players, but in the process have alienated many of those honest players. Honest players who might be purchasing multiple accounts, and telling all of their WoW friends that they should be switching to Aion because it is so awesome. Sadly, bungles early after a game's release can do more harm than having cheaters early after a game's release. Consider that WoW didn't even have Warden until many months after its release. And people cheated! They did all of the things that everyone hates them for doing, and you know what, even with Warden, people still cheat and do the same damn things they did before it came out. You don't have to ban honest players, you just need to create the impression that you are serious about taking steps against the cheaters that people are complaining about. There's going to be cheaters either way.

It seems to me that for all the work put into protecting the game, what they have actually achieved is a limitation on the size of their player base, rather than preventing cheating.

And, while I wholeheartedly disagree that Warden and other anti-cheating software is copyright-related DRM as protected by the DMCA in the US, there are clear parallels to be drawn. For example, some DRM restricts use to specific devices, preventing use of content by potential customers using other devices with the intention of selling more of the device it is restricted to, and many people remove this DRM in order to use it on devices from other vendors. In either case, the trade-off is to alienate some customers in order to achieve some goal for the company. And in the end, the customer that was locked out is able to take the upper hand.

To the company, this is all about money. The company is betting that by implementing this DRM, they will receive more money from customers. The obvious risk in this bet is that customers may not be willing to sign on to their DRM scheme. The company probably doesn't care if the DRM itself causes damage, until it hits them in the wallet.

If you need any examples of DRM causing damage, I have personal experience with one and another is common knowledge. Here's mine first: I made the mistake of installing a game called Splinter Cell: Chaos Theory on my PC several years ago, which used a protection scheme called StarForce. I didn't know or really even care until I later tried to upgrade from XP to Vista, and Vista told me I couldn't upgrade because StarForce is incompatible. Oh, and I couldn't uninstall StarForce to upgrade to Vista, even though I had long since removed SC:CT.. I had to do a clean install of the OS to get rid of it! (There's apparently a removal tool now) And for common knowledge, the words "Sony" and "rootkit" should be plenty, but if not, here's a link (this one actually hit Sony in the wallet!). People in general don't like overly restrictive DRM, and many will refuse to buy something that has it.

The company is betting that all of these factors combined with their cost of implementing the DRM will result in receiving more money than they would have gotten without the DRM. It seems to me that the way to balance this is to avoid overreaching at all costs, not to try to make it perfect. I am reminded of a quote... "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers." It'll never be perfect.

Friday, January 30, 2009

MDY v Blizzard trial results

Very interesting stuff. Today I will be writing about the court order dated January 28, 2009, found here in PDF form:

The most important point, as I see it (well, it's probably plain to see), is that the court ruled that Warden is protected by the DMCA insofar as that it protects the non-literal elements of the game. That is to say that the game elements generated by the server and sent to your client, which make use of the literal data -- say, a monster here, a building there, etc -- are copyrighted and Warden prevents accessing them if you are shown to be violating the Terms of Service. I would still argue that simply adding terms to the Terms of Service probably shouldn't be applied as far as the DMCA. I don't think it would fly for the RIAA, so why should it fly here?

This will also have implications for other games, and with companies that are far less trustworthy than Blizzard. For example: New game comes out, has DRM that is wider reaching than Warden and includes features that happen to send private data back to the server, and it's protected by the DMCA simply by tying random terms into the Terms of Service. Company doesn't mention it, much like Blizzard didn't come out and say exactly what Warden does (resulting in the Hoglund debacle and other false claims), and until someone reverse engineers it and determines what it is doing, nobody would be the wiser. Cue the ignorant responses: "They have your credit card information from subscribing, what else would they possibly want?" and "Well don't play the game then". It should be noted that until the problem is exposed, nobody would know not to play the game, and something could affect a large number of customers. And of course, providing software that protects your private data from being exposed would be a violation of the DMCA. How do you like them apples?

It doesn't even stop at games. That's just the most obvious. This could harm a lot of modding, of anything at all. A car manufacturer can put such controls on its in-car display system to prevent you from making changes to it by making it a copyright violation to do so. What sense does that make? For further reading on this point, an article at Ars Technica:

Blizzard also won on tortious interference with contract, which they were pretty confident about from the beginning. This is basically that MDY was apparently inducing WoW players to violate the terms of their contract (EULA, Terms of Service) with Blizzard by suggesting they use a bot.

And more importantly at least as far as MDY is concerned, Blizzard is entitled to a permanent injunction against Glider, preventing MDY from making another penny on it, not to mention the $6 million stipulated damages this means MDY owes Blizzard. Or rather, that Donnelly himself apparently owes Blizzard, since the court deemed him personally liable. Ouch.

The two sides have until Friday the 13th of February 2009 to make their cases as to why or why not the injunction should be stayed pending appeal (meaning that MDY of course has no choice but to appeal, and the argument is whether Glider sales should be allowed until the appeal process runs its course) and other minor details regarding the injunction.

So that's it for now.